CNN/Money 
Commentary > Wastler's Wanderings
graphic
Vandalism's evolution on the Net
Another worm exposes a gang mentality among virus makers and a worrying transformation.
May 4, 2004: 4:01 PM EDT

Sign up for the Eyeopener e-mail newsletter

Don't you wish virus writers would discover girls and beer? Life would be better, for them and us. Unfortunately, they take out their adolescent urges in cyberspace, and the rest of us have to suffer.

Witness the "Sasser" worm making the rounds this week.

This nasty little bug slides into unprotected computers and proceeds to restart them over and over. No files eaten or drives trashed ... just irritation for irritation's sake.

As of mid-week, there were four variants of the worm and estimates of 500,000 to 1 million infected computers. Computer problems were reported at several companies, though few were willing to admit the glitches were Sasser-related (other companies would snicker, you see, and other degenerates would think them easy marks).

Want further evidence the Sasser bug was thought up by a kid in dire need of a spanking? There's a follow up e-mail professing to be a Sasser-fixer. Those dumb enough to believe this and open the attachment are hit with Netsky-AC -- the 28th variant of an e-mail worm that opens up your computer to hijacking.

In that NetSky worm is this charming little message:

"Hey, av firms, do you know that we have programmed the sasser virus?!?. Yeah thats true! Why do you have named it sasser? A Tip: Compare the FTP-Server code with the one from Skynet.V!!! LooL! We are the Skynet..."

A translation:

"Attention anti-virus companies ... we, the authors of this virus (NetSky-AC), are also the authors of Sasser. Honest. And we're curious: why do you call the virus 'Sasser'? Anyway, to prove the connection check out how similar the code in Sasser is to a virus we previously wrote. We are laughing quite a bit. And we like to be called Skynet."

Boasting is not uncommon among virus writers.

"Yes, they take credit for it," said Carole Theriault, a security consultant with Sophos, an anti-virus outfit in Europe. Apparently, a sort of gang mentality is building up between virus camps, she explained. "They try to impress one another and outdo one another."

So now we've gone from simple adolescent vandalism to gang behavior (cue "West Side Story" music ... The Jets are going to have their way tonight ...)

Right now the typical profile for a virus writer is a 16 to 24 year-old male. But profiles aren't static.

"I've found in various investigations that it ranges among ages, sexes, religions," said Greg Fowler, of the FBI's Northwest Cyber Crime taskforce.

Indeed, just two months ago Belgium police arrested a 19-year-old female virus writer that went by the handle "Gigabyte."

YOUR E-MAIL ALERTS
Wastler's Wanderings
Computer Worm
Sasser

Well, we aren't seeing a set profile, but we are seeing a transformation. A bratty, destructive child grows into a delinquent. And a delinquent grows into a criminal. Dare I say wiseguy?

"We are already seeing a transformation, where virus writing is getting more sinister and turning toward monetary gain," said Theriault.

It won't be long before this cyber vandalism grows into outright thievery, joining the wave of cyber fraud we are seeing elsewhere. Recognize it and prepare.  Top of page


Allen Wastler is Managing Editor of CNN/Money and a commentator for CNNfn.




  More on COMMENTARY
Yes Virginia, there is a Santa Claus rally
Thanks for nothing, Corporate America
It's not just the economy, stupid
  TODAY'S TOP STORIES
7 things to know before the bell
SoftBank and Toyota want driverless cars to change the world
Aston Martin falls 5% in its London IPO




graphic graphic

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.

Most stock quote data provided by BATS. Market indices are shown in real time, except for the DJIA, which is delayed by two minutes. All times are ET. Disclaimer. Morningstar: © 2018 Morningstar, Inc. All Rights Reserved. Factset: FactSet Research Systems Inc. 2018. All rights reserved. Chicago Mercantile Association: Certain market data is the property of Chicago Mercantile Exchange Inc. and its licensors. All rights reserved. Dow Jones: The Dow Jones branded indices are proprietary to and are calculated, distributed and marketed by DJI Opco, a subsidiary of S&P Dow Jones Indices LLC and have been licensed for use to S&P Opco, LLC and CNN. Standard & Poor's and S&P are registered trademarks of Standard & Poor's Financial Services LLC and Dow Jones is a registered trademark of Dow Jones Trademark Holdings LLC. All content of the Dow Jones branded indices © S&P Dow Jones Indices LLC 2018 and/or its affiliates.